invalid_request缺失:在Google Oauth2上使用Google Passportjs进行范围 [英] invalid_request with missing: scope using Google Passportjs on Google Oauth2
问题描述
身份验证代码中出现了一个问题,该问题一直有效到今年年初,然后看来我的变化很小,我试图退回到以前的版本并找到运气,但是没有运气.因此,我正在寻求修复现有代码的帮助.
An issues has developed in authentication code that was working perfectly up until the beginning of the year, and then seemingly broke with little change on my part, I've tried to regress to a previous version and find the cause with no luck. So I'm Looking for help in fixing the code as it exists today.
我正在使用nodejs v0.10.25 Passportjs通过Google和Facebook提供身份验证.我的包裹:
I'm using nodejs v0.10.25 Passportjs to provide authentication through both Google and Facebook. My packages:
"config-multipaas": "^0.1.0",
"restify": "^2.8.3",
"googleapis": "~2.1.5",
"mocha": "~2.3.3",
"restify-redirect": "~1.0.0",
"sequelize": "~3.12.2",
"mysql": "~2.9.0",
"passport": "~0.3.2",
"passport-facebook": "~2.0.0",
"passport-local": "~1.0.0",
"passport-google-oauth": "~0.2.0",
"sendgrid-webhook": "0.0.4",
"sendgrid": "~2.0.0",
"restify-cookies": "~0.2.0"
两个星期前,在处理应用程序的另一部分时,我注意到用户注册功能不再对这两种服务都起作用.具体来说,Google Oauth2代码在初始同意页面之后返回以下错误.
Two weeks ago, while working on another part of the application, I noticed that user signup function was no longer working for either services. Specifically, the Google Oauth2 code returns the following error after the initial consent page.
- 那是一个错误.
错误:invalid_request
Error: invalid_request
缺少必需的参数:作用域
Missing required parameter: scope
以下是我的策略定义的相关部分:
Here is the pertinent parts of my strategy definition:
passport.use(new FacebookStrategy({
clientID: siteConfigs.facebook.clientId,
clientSecret: siteConfigs.facebook.clientSecret,
callbackURL: authRoot + 'facebook/callback',
profileFields: ['id','name','emails', 'picture', 'location', 'birthday', 'gender']
},
function(accessToken, refreshToken, profile, done){...}
passport.use(new GooglePlusStrategy({
clientID: siteConfigs.google.clientId,
clientSecret: siteConfigs.google.clientSecret,
callbackURL: authRoot + 'google/callback',
profileFields: ['id','name','emails', 'gender', 'placesLived']
},
function(accessToken, refreshToken, profile, done){...}
令牌回调函数的机制无关紧要,因为该过程永远不会走得那么远(已通过节点调试器和控制台日志语句进行了验证).
The mechanics of the token callback functions are not relevant as the process never gets that far (verified by node debugger and console log statements).
这是我的其余端点:
app.get('/auth/facebook', passport.authenticate('facebook', { session: false, scope: ['email']}));
app.get('/auth/google', passport.authenticate('google',
{
scope: ['profile', 'email'],
accessType: 'online',
session: false
})
);
app.get('/auth/:service/callback', function(req, res, next){
console.log('Request:', req.path(), req.getQuery());
passport.authenticate(req.params.service,
function(err, user, info){
var returnPath = '/html/authcallback.html';
if(err)
return res.redirect({
pathname: returnPath,
query: {
error: err
}
}, next);
else
return res.redirect({
pathname: returnPath,
query: {
id: user.id,
created: info
}
}, next);
})(req, res, next);
});
经过一些初步的故障排除后,我采用了将Google的Oauth 2.0 Playground与自定义auth和令牌端点(我的passwordjs版本中使用的端点)以及我自己的客户端ID和密码一起使用的方法,将其中的每次交互与我的代码进行了比较正在做.同意提示的初始请求可以正常运行,并且与Playground匹配,并且回调函数返回适当的代码,例如code=4/EUnaIvWpLIiHnKUR9WctOJKQ-_iWZ3_H9YeUYx7bJSo.但是交换令牌代码的请求失败.使用节点调试器来评估passport-google-oauth为令牌发送回的重定向请求,它构建的URL为:
After some initial troubleshooting, I took the approach of using Google's Oauth 2.0 Playground with custom auth and token endpoints (the ones used in my passportjs version) and my own client ID and secret to compare every interaction there with what my code was doing. The initial request for the consent prompt works correctly and matches Playground, and the callback returns an appropriate code, such as code=4/EUnaIvWpLIiHnKUR9WctOJKQ-_iWZ3_H9YeUYx7bJSo. But the request to exchange code for token fails. using node debugger, to evaluate the redirect request that passport-google-oauth sends back for the token, the URL it builds is:
https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=http://localhost:8080/auth/google/callback&client_id=<ID>
将此与Google Oauth 2.0 Playground的类似请求进行比较,如下所示:
Compare this to a comparable requests from Google Oauth 2.0 Playground, which would look like:
http://www.googleapis.com?code=4/9uaUYjeExmPftgRLsRZ8MCc2e_7YGHow7kvew6Fkypo&redirect_uri=https://developers.google.com/oauthplayground&client_id=<ID>&client_secret=<SECRET>&scope=&grant_type=authorization_code
我的查询字符串中缺少几个参数,其中两个最重要的参数是我的代码和密码.我本以为Google的服务会为这些服务返回错误.相反,它会为缺少的范围参数返回一个错误,无论如何在此过程中实际上并不需要此错误(我不知道为什么游乐场应用程序包含它).
There are several parameters missing from my query string, the two most important being my code and secret. I would have thought that Google's service would have returned an error for those. Instead, it's returning a error for the missing scope parameter that actually isn't needed for this step in the process anyway (I have no idea why the playground app includes it).
最后,我可以肯定的是,随着Facebook策略开始失败,它也在我身边.同意后,它很奇怪地返回了我的带有多个代码的回调,然后最终返回了TOO_MANY_REDIRECTS错误.
Finally, I'm fairly certain that it's somewhere on my side as the Facebook strategy began failing, as well. After consent, it goes and weird of returning to my callback with multiple codes, then finally returns a TOO_MANY_REDIRECTS error.
那么,有人有什么想法吗?相同的代码再次运行到今年年初,然后在以后的某个时间开始失败.
So, anyone have any ideas? Once again, this same code was working up until the beginning of the year, then began failing some time afterward.
推荐答案
几个星期前,我问了这个问题偶然发现了一个答案.我很乐意分享:
I asked this same question a couple of weeks ago and stumbled across an answer on my own. I'm happy to share it:
似乎初始化服务器后,我丢失了以下代码:
Seems I was missing the following code after initializing the server:
api.use(restify.plugins.queryParser({ mapParams: false }));
添加该行后,我再也看不到Google错误,该过程又传回了我的代码.
Once I added that line, I no longer saw the Google error, and the process passed back to my code.
这篇关于invalid_request缺失:在Google Oauth2上使用Google Passportjs进行范围的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
